From 6ccfc8fa316f8dcfe4c943e5a43e9e3661be9cb1 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 10 Sep 2018 14:44:04 +0100 Subject: [PATCH] More updates to CHANGES and NEWS for the 1.1.1 release Reviewed-by: Ben Kaduk Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7167) --- CHANGES | 8 ++++++++ NEWS | 18 ++++++++++++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index be449542f2..63fe26c3c2 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,14 @@ Changes between 1.1.0i and 1.1.1 [xx XXX xxxx] + *) Add a new ClientHello callback. Provides a callback interface that gives + the application the ability to adjust the nascent SSL object at the + earliest stage of ClientHello processing, immediately after extensions have + been collected but before they have been processed. In particular, this + callback can adjust the supported TLS versions in response to the contents + of the ClientHello + [Benjamin Kaduk] + *) Add SM2 base algorithm support. [Jack Lloyd] diff --git a/NEWS b/NEWS index b49d51a60a..ae0c2d7cdc 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,19 @@ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release] - o Support for TLSv1.3 added + o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 + for further important information). The TLSv1.3 implementation includes: + o Fully compliant implementation of RFC8446 (TLSv1.3) on by default + o Early data (0-RTT) + o Post-handshake authentication and key update + o Middlebox Compatibility Mode + o TLSv1.3 PSKs + o Support for all five RFC8446 ciphersuites + o RSA-PSS signature algorithms (backported to TLSv1.2) + o Configurable session ticket support + o Stateless server support + o Rewrite of the packet construction code for "safer" packet handling + o Rewrite of the extension handling code o Complete rewrite of the OpenSSL random number generator to introduce the following capabilities o The default RAND method now utilizes an AES-CTR DRBG according to @@ -21,7 +33,7 @@ o Support for various new cryptographic algorithms including: o SHA3 o SHA512/224 and SHA512/256 - o EdDSA (including Ed25519 and Ed448) + o EdDSA (both Ed25519 and Ed448) including X509 and TLS support o X448 (adding to the existing X25519 support in 1.1.0) o Multi-prime RSA o SM2 @@ -30,6 +42,8 @@ o SipHash o ARIA (including TLS support) o Significant Side-Channel attack security improvements + o Add a new ClientHello callback to provide the ability to adjust the SSL + object at an early stage. o Add 'Maximum Fragment Length' TLS extension negotiation and support o A new STORE module, which implements a uniform and URI based reader of stores that can contain keys, certificates, CRLs and numerous other -- 2.25.1